Endpoint Protection

I would like to set up an email alert that would be sent immediately when a single ransomware virus is detected. I'm setting it up in Monitors -> Notifications Since I can't test this without potentially infecting a system, can someone let me know if I set this alert up correctly to send an email when even just one of these viruses is detected?

The alert is setup correctly, but, that also assumes the Risk name contains "ransom". To be honest Symantec risk names vary for ransomware so you may need to look through they and pick out which ones you need. I know there are ones that contain crytpolocker as well as others. Multiple alerts will be needed.